Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts.
2025/11/22 08:06:36 parsed 1 programs
syzkaller login: [ 70.362306][ T4188] cgroup: Unknown subsys name 'net'
[ 70.504070][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.371292][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.377881][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.086475][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 74.822862][ T4235] chnl_net:caif_netlink_parms(): no params data found
[ 74.893679][ T4235] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.901716][ T4235] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.911488][ T4235] device bridge_slave_0 entered promiscuous mode
[ 74.921955][ T4235] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.930561][ T4235] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.939108][ T4235] device bridge_slave_1 entered promiscuous mode
[ 74.970920][ T4235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.982972][ T4235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.018604][ T4235] team0: Port device team_slave_0 added
[ 75.026947][ T4235] team0: Port device team_slave_1 added
[ 75.054424][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.061487][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.087760][ T4235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.101064][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.108307][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.134279][ T4235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.176716][ T4235] device hsr_slave_0 entered promiscuous mode
[ 75.183801][ T4235] device hsr_slave_1 entered promiscuous mode
[ 75.315731][ T4235] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.328185][ T4235] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.340039][ T4235] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.350198][ T4235] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.413373][ T4235] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.432470][ T4235] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.441375][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.451823][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.463593][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.473547][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.483162][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.491463][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.504529][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 75.531487][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.542283][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.551290][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.558459][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.588235][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 75.608404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 75.626686][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 75.636984][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.647041][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.658400][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 75.673156][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.684736][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 75.695095][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.710656][ T4235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 75.728447][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.738669][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 75.747895][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.835509][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.843950][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.856833][ T4235] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.875491][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.894516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.903215][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.911260][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.921465][ T4235] device veth0_vlan entered promiscuous mode
[ 75.934793][ T4235] device veth1_vlan entered promiscuous mode
[ 75.953171][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.962183][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.970551][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.982706][ T4235] device veth0_macvtap entered promiscuous mode
[ 75.992413][ T4235] device veth1_macvtap entered promiscuous mode
[ 76.009963][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.018138][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.026420][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.035239][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.068023][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.075411][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.084283][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.095574][ T4235] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.104946][ T4235] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.114005][ T4235] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.123034][ T4235] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.946969][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.976806][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.996566][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.014152][ T1279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.023375][ T1279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.033949][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/11/22 08:06:46 executed programs: 0
[ 78.222158][ T4296] chnl_net:caif_netlink_parms(): no params data found
[ 78.290600][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.300128][ T4296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.308185][ T4296] device bridge_slave_0 entered promiscuous mode
[ 78.316349][ T4296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.323617][ T4296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.331745][ T4296] device bridge_slave_1 entered promiscuous mode
[ 78.360595][ T4296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.372281][ T4296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.400890][ T4296] team0: Port device team_slave_0 added
[ 78.409072][ T4296] team0: Port device team_slave_1 added
[ 78.430581][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.438139][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.464236][ T4296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.482225][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.497820][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.504846][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.533518][ T4296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.564334][ T4296] device hsr_slave_0 entered promiscuous mode
[ 78.571165][ T4296] device hsr_slave_1 entered promiscuous mode
[ 78.578319][ T4296] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 78.586184][ T4296] Cannot create hsr debugfs directory
[ 80.088265][ T1111] Bluetooth: hci0: command 0x0409 tx timeout
[ 81.148746][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.204591][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.254076][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.167432][ T21] Bluetooth: hci0: command 0x041b tx timeout
[ 82.208580][ T4296] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.234418][ T4296] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.243940][ T4296] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.253309][ T4296] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.327760][ T4296] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.340623][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.349022][ T1279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.359778][ T4296] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.369999][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.379015][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.389220][ T155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.396386][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.404704][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.417778][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.426575][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.435620][ T155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.442760][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.472154][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.485209][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.496920][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.506213][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.515249][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.527599][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.536716][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.568593][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.577042][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.587049][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.595706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.609372][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.742394][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.750038][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.763177][ T4296] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.789539][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 82.799131][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 82.831408][ T4296] device veth0_vlan entered promiscuous mode
[ 82.839030][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 82.847751][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 82.856246][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 82.864349][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 82.883341][ T4296] device veth1_vlan entered promiscuous mode
[ 82.896422][ T9] device hsr_slave_0 left promiscuous mode
[ 82.903833][ T9] device hsr_slave_1 left promiscuous mode
[ 82.911244][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.919037][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.927125][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.935260][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.944939][ T9] device bridge_slave_1 left promiscuous mode
[ 82.952450][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.966080][ T9] device bridge_slave_0 left promiscuous mode
[ 82.973485][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.992347][ T9] device veth1_macvtap left promiscuous mode
[ 82.998798][ T9] device veth0_macvtap left promiscuous mode
[ 83.004869][ T9] device veth1_vlan left promiscuous mode
[ 83.012227][ T9] device veth0_vlan left promiscuous mode
[ 83.180273][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 83.193134][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 83.205684][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.225718][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.284373][ T9] bond0 (unregistering): Released all slaves
[ 83.368304][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.376470][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.393336][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.402330][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.414331][ T4296] device veth0_macvtap entered promiscuous mode
[ 83.424248][ T4296] device veth1_macvtap entered promiscuous mode
[ 83.443097][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.457330][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.465974][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 83.474464][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 83.483863][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.495024][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.504592][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 83.513553][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.525300][ T4296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.536883][ T4296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.546180][ T4296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.555235][ T4296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.623893][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.641172][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.668896][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 83.680453][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.691370][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.700792][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.742501][ T4344] loop0: detected capacity change from 0 to 512
[ 83.806221][ T4344]
[ 83.808609][ T4344] ======================================================
[ 83.815636][ T4344] WARNING: possible circular locking dependency detected
[ 83.822682][ T4344] syzkaller #0 Not tainted
[ 83.827099][ T4344] ------------------------------------------------------
[ 83.834117][ T4344] syz.0.17/4344 is trying to acquire lock:
[ 83.839924][ T4344] ffff88807c6eebd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20
[ 83.850057][ T4344]
[ 83.850057][ T4344] but task is already holding lock:
[ 83.857427][ T4344] ffff88805f07ee70 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700
[ 83.867286][ T4344]
[ 83.867286][ T4344] which lock already depends on the new lock.
[ 83.867286][ T4344]
[ 83.877717][ T4344]
[ 83.877717][ T4344] the existing dependency chain (in reverse order) is:
[ 83.886840][ T4344]
[ 83.886840][ T4344] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 83.894436][ T4344]     down_read+0x44/0x2e0
[ 83.899242][ T4344]     ext4_setattr+0x71d/0x19e0
[ 83.904730][ T4344]     notify_change+0xbcd/0xee0
[ 83.909860][ T4344]     chown_common+0x483/0x610
[ 83.914906][ T4344]     do_fchownat+0x164/0x270
[ 83.919869][ T4344]     __x64_sys_chown+0x7e/0x90
[ 83.925006][ T4344]     do_syscall_64+0x4c/0xa0
[ 83.929958][ T4344]     entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 83.936420][ T4344]
[ 83.936420][ T4344] -> #1 (jbd2_handle){++++}-{0:0}:
[ 83.943735][ T4344]     start_this_handle+0x1338/0x15a0
[ 83.949387][ T4344]     jbd2__journal_start+0x2b7/0x5a0
[ 83.955031][ T4344]     __ext4_journal_start_sb+0x167/0x360
[ 83.961042][ T4344]     ext4_writepages+0xdc2/0x2d20
[ 83.966460][ T4344]     do_writepages+0x48d/0x6d0
[ 83.971596][ T4344]     filemap_fdatawrite_wbc+0x1eb/0x240
[ 83.977536][ T4344]     file_write_and_wait_range+0x129/0x1e0
[ 83.984079][ T4344]     ext4_sync_file+0x1ff/0xae0
[ 83.989317][ T4344]     __x64_sys_fsync+0x1a5/0x1e0
[ 83.994838][ T4344]     do_syscall_64+0x4c/0xa0
[ 83.999886][ T4344]     entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.006528][ T4344]
[ 84.006528][ T4344] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 84.015326][ T4344]     __lock_acquire+0x2c33/0x7c60
[ 84.020740][ T4344]     lock_acquire+0x197/0x3f0
[ 84.026033][ T4344]     percpu_down_read+0x46/0x1b0
[ 84.031344][ T4344]     ext4_writepages+0x1c0/0x2d20
[ 84.036745][ T4344]     do_writepages+0x48d/0x6d0
[ 84.041870][ T4344]     __writeback_single_inode+0x153/0xda0
[ 84.047946][ T4344]     writeback_single_inode+0x221/0x8b0
[ 84.053858][ T4344]     write_inode_now+0x217/0x280
[ 84.059247][ T4344]     iput+0x5ab/0x8a0
[ 84.063603][ T4344]     ext4_xattr_set_entry+0x10ff/0x3d30
[ 84.070088][ T4344]     ext4_xattr_block_set+0x4f7/0x2d30
[ 84.076252][ T4344]     ext4_expand_extra_isize_ea+0xf4b/0x19a0
[ 84.082874][ T4344]     __ext4_expand_extra_isize+0x301/0x3e0
[ 84.089514][ T4344]     __ext4_mark_inode_dirty+0x469/0x700
[ 84.095677][ T4344]     ext4_evict_inode+0xa81/0x1080
[ 84.101274][ T4344]     evict+0x485/0x870
[ 84.105718][ T4344]     ext4_orphan_cleanup+0xaa9/0x12e0
[ 84.111456][ T4344]     ext4_fill_super+0x92f0/0x9a60
[ 84.116949][ T4344]     mount_bdev+0x287/0x3c0
[ 84.121830][ T4344]     legacy_get_tree+0xe6/0x180
[ 84.127042][ T4344]     vfs_get_tree+0x88/0x270
[ 84.131996][ T4344]     do_new_mount+0x24a/0xa40
[ 84.137033][ T4344]     __se_sys_mount+0x2d6/0x3c0
[ 84.142243][ T4344]     do_syscall_64+0x4c/0xa0
[ 84.147191][ T4344]     entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.153622][ T4344]
[ 84.153622][ T4344] other info that might help us debug this:
[ 84.153622][ T4344]
[ 84.163857][ T4344] Chain exists of:
[ 84.163857][ T4344]   &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 84.163857][ T4344]
[ 84.177271][ T4344] Possible unsafe locking scenario:
[ 84.177271][ T4344]
[ 84.184739][ T4344]        CPU0                    CPU1
[ 84.190120][ T4344]        ----                    ----
[ 84.195493][ T4344]   lock(&ei->xattr_sem);
[ 84.200007][ T4344]                                lock(jbd2_handle);
[ 84.206712][ T4344]                                lock(&ei->xattr_sem);
[ 84.213580][ T4344]   lock(&sbi->s_writepages_rwsem);
[ 84.218803][ T4344]
[ 84.218803][ T4344] *** DEADLOCK ***
[ 84.218803][ T4344]
[ 84.226960][ T4344] 3 locks held by syz.0.17/4344:
[ 84.231913][ T4344] #0: ffff8880797740e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950
[ 84.242175][ T4344] #1: ffff888079774650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080
[ 84.251654][ T4344] #2: ffff88805f07ee70 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700
[ 84.261917][ T4344]
[ 84.261917][ T4344] stack backtrace:
[ 84.267830][ T4344] CPU: 1 PID: 4344 Comm: syz.0.17 Not tainted syzkaller #0
[ 84.275025][ T4344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 84.285087][ T4344] Call Trace:
[ 84.288361][ T4344]
[ 84.291292][ T4344] dump_stack_lvl+0x168/0x230
[ 84.295970][ T4344] ? load_image+0x3b0/0x3b0
[ 84.300470][ T4344] ? show_regs_print_info+0x20/0x20
[ 84.305666][ T4344] ? print_circular_bug+0x12b/0x1a0
[ 84.310857][ T4344] check_noncircular+0x274/0x310
[ 84.315820][ T4344] ? add_chain_block+0x940/0x940
[ 84.320750][ T4344] ? lockdep_lock+0xdc/0x1e0
[ 84.325337][ T4344] ? lockdep_unlock+0x134/0x2d0
[ 84.330186][ T4344] ? mark_lock+0x94/0x320
[ 84.334536][ T4344] __lock_acquire+0x2c33/0x7c60
[ 84.339398][ T4344] ? verify_lock_unused+0x140/0x140
[ 84.344593][ T4344] ? verify_lock_unused+0x140/0x140
[ 84.349798][ T4344] lock_acquire+0x197/0x3f0
[ 84.354300][ T4344] ? ext4_writepages+0x1c0/0x2d20
[ 84.359426][ T4344] ? check_path+0x40/0x40
[ 84.363758][ T4344] ? __might_sleep+0xf0/0xf0
[ 84.368368][ T4344] ? read_lock_is_recursive+0x10/0x10
[ 84.373760][ T4344] ? mark_lock+0x94/0x320
[ 84.378088][ T4344] ? __lock_acquire+0x13ad/0x7c60
[ 84.383124][ T4344] percpu_down_read+0x46/0x1b0
[ 84.387883][ T4344] ? ext4_writepages+0x1c0/0x2d20
[ 84.392908][ T4344] ext4_writepages+0x1c0/0x2d20
[ 84.397777][ T4344] ? rcu_is_watching+0x11/0xa0
[ 84.402579][ T4344] ? lock_release+0xba/0x870
[ 84.407187][ T4344] ? rcu_lock_release+0x5/0x20
[ 84.411963][ T4344] ? mark_lock+0x94/0x320
[ 84.416425][ T4344] ? verify_lock_unused+0x140/0x140
[ 84.421640][ T4344] ? mark_lock+0x94/0x320
[ 84.425977][ T4344] ? ext4_readpage+0x2e0/0x2e0
[ 84.430768][ T4344] ? __lock_acquire+0x13ad/0x7c60
[ 84.435883][ T4344] ? rcu_lock_release+0x5/0x20
[ 84.440745][ T4344] ? __lock_acquire+0x7c60/0x7c60
[ 84.445791][ T4344] ? do_raw_spin_lock+0x11d/0x280
[ 84.450814][ T4344] ? _raw_spin_lock_irqsave+0x7f/0xf0
[ 84.456200][ T4344] ? do_raw_spin_unlock+0x11d/0x230
[ 84.461402][ T4344] ? ext4_readpage+0x2e0/0x2e0
[ 84.466170][ T4344] do_writepages+0x48d/0x6d0
[ 84.470865][ T4344] ? __writepage+0x130/0x130
[ 84.475462][ T4344] ? writeback_single_inode+0x216/0x8b0
[ 84.481009][ T4344] ? __lock_acquire+0x7c60/0x7c60
[ 84.486044][ T4344] ? do_raw_spin_lock+0x11d/0x280
[ 84.491064][ T4344] __writeback_single_inode+0x153/0xda0
[ 84.496608][ T4344] writeback_single_inode+0x221/0x8b0
[ 84.501987][ T4344] ? write_inode_now+0x280/0x280
[ 84.506933][ T4344] write_inode_now+0x217/0x280
[ 84.511704][ T4344] ? bdi_split_work_to_wbs+0x820/0x820
[ 84.517203][ T4344] ? do_raw_spin_unlock+0x11d/0x230
[ 84.522414][ T4344] iput+0x5ab/0x8a0
[ 84.526227][ T4344] ext4_xattr_set_entry+0x10ff/0x3d30
[ 84.531606][ T4344] ? ext4_xattr_ibody_set+0x330/0x330
[ 84.537096][ T4344] ? rcu_is_watching+0x11/0xa0
[ 84.541863][ T4344] ? kmem_cache_free+0x14c/0x210
[ 84.546801][ T4344] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0
[ 84.552874][ T4344] ext4_xattr_block_set+0x4f7/0x2d30
[ 84.558166][ T4344] ? do_raw_spin_unlock+0x11d/0x230
[ 84.563399][ T4344] ? __ext4_xattr_check_block+0x7d8/0x8d0
[ 84.569125][ T4344] ? ext4_xattr_block_find+0x500/0x500
[ 84.574684][ T4344] ? ext4_xattr_block_find+0x433/0x500
[ 84.580151][ T4344] ext4_expand_extra_isize_ea+0xf4b/0x19a0
[ 84.585969][ T4344] __ext4_expand_extra_isize+0x301/0x3e0
[ 84.591601][ T4344] __ext4_mark_inode_dirty+0x469/0x700
[ 84.597058][ T4344] ext4_evict_inode+0xa81/0x1080
[ 84.601988][ T4344] ? _raw_spin_unlock+0x24/0x40
[ 84.606835][ T4344] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 84.612745][ T4344] ? do_raw_spin_unlock+0x11d/0x230
[ 84.617946][ T4344] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 84.623838][ T4344] evict+0x485/0x870
[ 84.627750][ T4344] ? __lock_acquire+0x7c60/0x7c60
[ 84.632774][ T4344] ? proc_nr_inodes+0x320/0x320
[ 84.637625][ T4344] ? do_raw_spin_unlock+0x11d/0x230
[ 84.642821][ T4344] ? _raw_spin_unlock+0x24/0x40
[ 84.647753][ T4344] ? iput+0x706/0x8a0
[ 84.651737][ T4344] ext4_orphan_cleanup+0xaa9/0x12e0
[ 84.657033][ T4344] ? ext4_orphan_del+0xb90/0xb90
[ 84.661975][ T4344] ? errseq_check_and_advance+0x62/0x120
[ 84.667646][ T4344] ext4_fill_super+0x92f0/0x9a60
[ 84.672605][ T4344] ? ext4_mount+0x40/0x40
[ 84.676927][ T4344] ? set_blocksize+0x1f1/0x370
[ 84.681696][ T4344] ? sb_set_blocksize+0xa5/0xe0
[ 84.686565][ T4344] mount_bdev+0x287/0x3c0
[ 84.690893][ T4344] ? ext4_mount+0x40/0x40
[ 84.695226][ T4344] legacy_get_tree+0xe6/0x180
[ 84.699927][ T4344] ? ext4_errno_to_code+0x160/0x160
[ 84.705218][ T4344] vfs_get_tree+0x88/0x270
[ 84.709631][ T4344] do_new_mount+0x24a/0xa40
[ 84.714147][ T4344] __se_sys_mount+0x2d6/0x3c0
[ 84.718819][ T4344] ? __x64_sys_mount+0xc0/0xc0
[ 84.723575][ T4344] ? lockdep_hardirqs_on+0x94/0x140
[ 84.728767][ T4344] ? __x64_sys_mount+0x1c/0xc0
[ 84.733532][ T4344] do_syscall_64+0x4c/0xa0
[ 84.737943][ T4344] ? clear_bhb_loop+0x30/0x80
[ 84.742615][ T4344] ? clear_bhb_loop+0x30/0x80
[ 84.747289][ T4344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.753207][ T4344] RIP: 0033:0x7efe64781eea
[ 84.757626][ T4344] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.777253][ T4344] RSP: 002b:00007ffd35715b58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 84.785665][ T4344] RAX: ffffffffffffffda RBX: 00007ffd35715be0 RCX: 00007efe64781eea
[ 84.793637][ T4344] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffd35715ba0
[ 84.801606][ T4344] RBP: 0000200000000180 R08: 00007ffd35715be0 R09: 0000000000800700
[ 84.809580][ T4344] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 84.817551][ T4344] R13: 00007ffd35715ba0 R14: 000000000000046f R15: 000000000000002c
[ 84.825529][ T4344]
[ 84.830147][ T4247] Bluetooth: hci0: command 0x040f tx timeout
[ 84.851388][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 84.865039][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.874669][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 84.888212][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.894811][ T4344] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 84.908524][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 84.922188][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.929013][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 84.941702][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.948381][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 84.962211][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.971256][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 84.985512][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 84.992905][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 85.006597][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 85.013415][ T4344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 85.026172][ T4344] EXT4-fs (loop0): Remounting filesystem read-only
[ 85.033533][ T4344] EXT4-fs (loop0): 1 orphan inode deleted
[ 85.039415][ T4344] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.